Conference: LATIN'98: Theoretical Informatics

Strength of Two Data Encryption Standard Implementations under Timing Attacks


Abstract

We study the vulnerability of several implementations of the Data Encryption Standard cryptosystem under a timing attack. A timing attack is a method designed to break cryptographic systems that was recently proposed by Paul Kocher. It exploits the engineering aspects involved in the implementation of cryptosystems and might succeed even against cryptosystems that remain impervious to sophisticated cryptanalytic techniques. A timing attack is, essentially, a way of obtaining some user's private information by carefully measuring the time it takes the user to carry out cryptographic operations. In this work we analyze two implementations of DES. We show that a timing attack yields the Hamming weight of the key used by both DES implementations. Moreover, the attack is computationally inexpensive. We also show that all the design characteristics of the target system, necessary to carry out the timing attack, can be inferred from timing measurements. To the best of our knowledge this work is the first one that shows that symmetric cryptosystems are vulnerable to timing attacks.
